Skip to main content
Global Star Migration SolutionsGlobal Star Migration Solutions
Legal

Data Protection

Our principles, controls and your rights under the Kenya Data Protection Act, 2019.

Secure data handling and compliance controls

Last updated

15 May 2026

This document is governed by the laws of Kenya and aligns with the Kenya Data Protection Act, 2019.

At a glance

The plain-English summary

Detailed legal text below, this is a summary, not a substitute.

  • GMS is a registered Data Controller under the Kenya Data Protection Act, 2019.
  • Every document upload is encrypted (TLS) and stored with at-rest encryption.
  • Cross-border transfers occur only where adequate safeguards exist.
  • You can exercise your access, correction, deletion and portability rights via email.

01. Our Commitment

Global Star Migration Solutions ("GMS") is committed to protecting your personal data and respecting your privacy. We process personal data in accordance with the Kenya Data Protection Act, 2019, and recognised international best practice.

02. Data Processing Principles

  • Lawfulness, fairness and transparency.
  • Purpose limitation: only for stated immigration objectives.
  • Data minimisation: we collect only what we need.
  • Accuracy: kept up to date with your participation.
  • Storage limitation: retained only as long as required.
  • Integrity and confidentiality: secured at every layer.

03. Categories of Data

  • Identification and biographical data.
  • Family and dependent information for related filings.
  • Employment, education and qualification records.
  • Sensitive data only where strictly necessary (e.g., medical for visa categories).
  • Communication metadata for client service delivery.

04. Biometric Data

Some immigration processes require biometric capture by the relevant authority. GMS does not retain biometric templates on its systems. Biometric records are processed and held by the Department of Immigration Services in line with applicable law.

05. Your Rights

  • Right to access your personal data.
  • Right to correction and deletion.
  • Right to object to or restrict processing.
  • Right to data portability.
  • Right to lodge a complaint with the ODPC.

06. Retention Schedule

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, plus a defined post-engagement period to satisfy legal, regulatory and tax obligations.

07. Cross-Border Transfers

Where data is transferred outside Kenya (for example, to a foreign embassy or your home country authority), we ensure appropriate safeguards including contractual protections and lawful processing bases.

08. Security Controls

  • TLS encryption in transit.
  • AES-256 encryption at rest.
  • Role-based access control and multi-factor authentication.
  • Audit logs and access reviews.
  • Documented incident response procedures.

09. Sub-Processors

We engage trusted technology and document storage providers under written agreements that align with the Kenya Data Protection Act and international standards.

10. Contact the DPO

Reach our Data Protection Officer at dpo@globalstarmigration.co.ke for any data protection queries or requests.

Build your future without borders

Work permits, residency and mobility in Kenya, book a senior consultant or message us on WhatsApp.

Book consultationWhatsApp

98%

First-pass

24h

Response

12+

Years KE

30%

Faster avg.